
Pests of all kinds and how to fight them: "free" message -> stargames.com


Thread closed

06.07.2013, 19:55   #16
juergen007

namt,

Yes, hi, thanks again for everything, the system runs more smoothly, Google Chrome still has this DealPly in it??!!
Just run AdwCleaner and JRT again?
And I still see a Kaspersky entry, otherwise everything is fine!
What this Jetico wipe does is also a bit uncanny (bcbus?), but it causes no problems.
My problem above (reloading) can be observed in Firefox and Chrome.
So it is not down to the browser but to the programmer of the website, right?
Of course most websites are fed with further URLs, ad.doublclick, ty.img, if only I could read that so quickly..
Never noticed it?
Please try loading amazon.de or ebay.de with Firefox, for example, and watch for it!
Maybe it simply has to be that way?
thx! Quite an operation, wow, I'll send flowers

Jürgen.

07.07.2013, 06:33   #17
schrauber
/// the machine
/// TB-Ausbilder

Uninstall both browsers, keep no data, and reinstall them, then install the Adblock Plus add-on in both. But that behaviour with the pages is normal.

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without concern.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend towards somewhat more security than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

07.07.2013, 09:57   #18
juergen007

OK, I'll do all of that.
For anonymous surfing I have Hotspot Shield, which simulates an American IP via proxy. Should/can I stick with it?
Is it correct that one can uninstall "QoS" from the network connections without problems?
Comodo Time Machine was also recommended by others as the ultimate "restore" software, but I have not tested it yet.
Right, I'll get to work and report back then; I'm backing up the Firefox profile on an external hard drive because the bookmarks are important to me.
I have sometimes deleted the temp folders under appdata\local manually; whatever is still needed is locked.
See you.

07.07.2013, 10:11   #19
schrauber
/// the machine
/// TB-Ausbilder

Quote:
For anonymous surfing I have Hotspot Shield, which simulates an American IP via proxy. Should/can I stick with it?
Yeah, you can have that
Quote:
Is it correct that one can uninstall "QoS" from the network connections without problems?
Not my area of expertise, sorry.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

07.07.2013, 10:39   #20
juergen007

I have now, by mistake, but I think that does not matter (?), renamed Combofix to "Unistall" on the desktop, and it runs through completely once more, see log file; should I continue? The entries "desktoplayer" and "amazon" are dubious; after the total clean I had also installed the program "Pamela" for recording Skype conversations..
Thx

Combofix log file:
Code:
ComboFix 13-07-07.01 - juergen 07.07.2013  11:11:43.2.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.3071.1810 [GMT 2:00]
ausgeführt von:: c:\users\juergen\Desktop\Unistall.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 192 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Microsoft\DesktopLayer.exe
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\erdnt\cache86\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-07 bis 2013-07-07  ))))))))))))))))))))))))))))))
.
.
2013-07-07 09:19 . 2013-07-07 09:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-06 18:59 . 2013-07-06 18:59	312232	----a-w-	c:\windows\system32\javaws.exe
2013-07-06 18:59 . 2013-07-06 18:59	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-06 18:59 . 2013-07-06 18:59	189352	----a-w-	c:\windows\system32\javaw.exe
2013-07-06 18:59 . 2013-07-06 18:59	188840	----a-w-	c:\windows\system32\java.exe
2013-07-06 18:59 . 2013-07-06 18:59	--------	d-----w-	c:\program files\Java
2013-07-06 18:20 . 2013-07-07 08:01	--------	d-----w-	c:\users\juergen\AppData\Roaming\Pamela
2013-07-06 18:20 . 2013-07-06 18:20	176128	----a-w-	c:\windows\SysWow64\RemoteControl.dll
2013-07-06 18:20 . 2013-07-06 18:20	--------	d-----w-	c:\program files (x86)\Pamela
2013-07-06 08:30 . 2013-07-06 08:30	--------	d-----w-	c:\users\juergen\AppData\Local\Apps
2013-07-06 07:26 . 2013-06-17 00:10	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EAA49EBA-9BF0-4775-A6C2-6F66A2F05713}\mpengine.dll
2013-07-05 14:39 . 2013-07-05 14:39	--------	d-----w-	c:\windows\ERUNT
2013-07-05 14:39 . 2013-07-06 15:48	--------	d-----w-	C:\JRT
2013-07-04 15:36 . 2013-07-04 15:51	--------	d-----w-	C:\~BCWipe.stu
2013-07-04 14:26 . 2013-07-04 14:26	--------	d-----w-	c:\users\juergen\AppData\Local\DealPlyLive
2013-07-04 12:24 . 2013-07-04 12:24	--------	d-----w-	C:\FRST
2013-07-02 22:07 . 2013-07-02 22:07	255352	----a-w-	c:\windows\SysWow64\awrdscdc.ax
2013-07-02 22:07 . 2003-03-18 19:20	1060864	------w-	c:\windows\SysWow64\mfc71.dll
2013-07-02 22:07 . 2003-03-18 18:14	499712	------w-	c:\windows\SysWow64\msvcp71.dll
2013-07-02 22:07 . 2003-02-21 02:42	348160	------w-	c:\windows\SysWow64\msvcr71.dll
2013-07-02 22:07 . 2001-08-17 20:43	24576	------w-	c:\windows\SysWow64\msxml3a.dll
2013-07-01 19:55 . 2013-07-01 19:55	--------	d-----w-	C:\autos
2013-06-28 13:18 . 2013-06-29 11:43	--------	d-----w-	c:\users\juergen\AppData\Roaming\Nitro PDF
2013-06-28 11:15 . 2013-06-28 11:15	--------	d-----w-	c:\users\juergen\AppData\Roaming\PDF Architect
2013-06-28 11:11 . 2013-06-29 07:28	--------	d-----w-	c:\program files (x86)\Amazon
2013-06-28 10:48 . 2013-06-28 10:49	--------	d-----w-	c:\program files (x86)\PDF Architect
2013-06-28 10:48 . 2013-06-28 10:48	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-06-28 10:47 . 2013-04-09 13:13	110264	----a-w-	c:\windows\system32\pdfcmon.dll
2013-06-28 10:47 . 2013-01-09 13:52	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2013-06-28 10:47 . 2012-05-05 09:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2013-06-28 10:47 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2013-06-28 10:47 . 1998-07-06 16:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2013-06-28 10:47 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2013-06-28 10:47 . 2013-06-28 10:54	--------	d-----w-	c:\program files (x86)\PDFCreator
2013-06-28 10:47 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2013-06-28 10:47 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2013-06-27 13:28 . 2013-06-27 13:28	--------	d-----w-	c:\program files (x86)\Text2PDF v1.5
2013-06-27 12:18 . 2013-06-27 12:18	--------	d-----w-	c:\users\juergen\AppData\Local\PDF24
2013-06-27 11:47 . 2013-06-27 12:15	--------	d-----w-	c:\program files (x86)\PDF24
2013-06-26 12:59 . 2013-06-30 10:24	--------	d-----w-	c:\users\juergen\AppData\Roaming\Nitro
2013-06-26 12:59 . 2013-06-26 12:59	--------	d-----w-	c:\users\juergen\AppData\Roaming\FileOpen
2013-06-26 12:59 . 2013-06-26 12:59	--------	d-----w-	c:\programdata\FileOpen
2013-06-26 12:58 . 2013-06-18 13:13	29712	----a-w-	c:\windows\system32\nitrolocalmon2.dll
2013-06-26 12:58 . 2013-06-17 20:00	17928	----a-w-	c:\windows\system32\nitrolocalui2.dll
2013-06-26 12:58 . 2013-06-27 13:49	--------	d-----w-	c:\program files\Common Files\Nitro
2013-06-26 12:58 . 2013-06-27 13:49	--------	d-----w-	c:\programdata\Nitro
2013-06-26 12:58 . 2013-06-27 13:49	--------	d-----w-	c:\program files (x86)\Nitro
2013-06-26 12:58 . 2013-06-26 12:58	--------	d-----w-	c:\program files (x86)\Common Files\Nitro
2013-06-26 12:56 . 2013-06-27 13:47	--------	d-----w-	c:\users\juergen\AppData\Roaming\Downloaded Installations
2013-06-25 18:27 . 2013-06-25 18:27	--------	d-----w-	C:\realtek_pcielan_7_mb
2013-06-24 10:32 . 2013-07-06 14:46	--------	d-----w-	c:\users\juergen\AppData\Roaming\AbiSuite
2013-06-24 10:32 . 2013-06-24 10:32	--------	d-----w-	c:\program files (x86)\AbiWord
2013-06-21 19:51 . 2013-06-21 19:51	--------	d-----w-	c:\windows\SysWow64\en
2013-06-21 19:51 . 2013-06-21 19:51	--------	d-----w-	c:\windows\SysWow64\drivers\UMDF\en-US
2013-06-21 19:51 . 2013-06-21 19:51	--------	d-----w-	c:\windows\SysWow64\0409
2013-06-21 19:51 . 2013-06-21 19:51	--------	d-----w-	c:\windows\system32\en
2013-06-21 19:51 . 2013-06-21 19:51	--------	d-----w-	c:\windows\system32\0409
2013-06-21 19:51 . 2013-06-22 05:03	--------	d-----w-	c:\windows\system32\drivers\en-US
2013-06-21 19:51 . 2013-06-21 19:51	--------	d-----w-	c:\windows\system32\drivers\UMDF\en-US
2013-06-21 19:40 . 2009-07-13 16:30	3584	----a-w-	c:\windows\system32\Spool\prtprocs\x64\en-US\LXKPTPRC.DLL.mui
2013-06-21 18:34 . 2013-06-21 18:34	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-06-20 19:41 . 2013-04-11 09:06	39504	----a-w-	c:\windows\system32\drivers\gfiark.sys
2013-06-20 18:51 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-06-20 18:51 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-06-20 18:51 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-06-20 18:51 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-20 18:49 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-17 20:01 . 2013-06-17 20:01	69640	----a-w-	c:\windows\SysWow64\NLSSRV32.EXE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-06 18:59 . 2012-11-23 13:20	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-06 18:59 . 2012-11-23 13:20	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-07-04 14:26 . 2011-02-19 22:03	420944	----a-w-	c:\windows\SysWow64\msvcp100.dll
2013-07-04 14:26 . 2011-02-18 23:40	773712	----a-w-	c:\windows\SysWow64\msvcr100.dll
2013-07-04 10:20 . 2013-04-26 13:55	14456	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-06-27 12:46 . 2013-02-03 15:16	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-06-27 12:46 . 2013-02-03 15:16	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-06-27 12:45 . 2013-01-09 21:23	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-21 04:39 . 2012-09-27 00:36	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-21 04:39 . 2012-09-27 00:36	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-02 15:11 . 2012-09-26 17:19	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-02 00:06 . 2012-09-26 17:12	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-21 17:52 . 2012-12-05 15:40	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-21 17:52 . 2012-12-05 15:40	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-21 17:51 . 2012-12-05 15:40	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-04-17 04:34 . 2013-04-17 04:34	418	----a-w-	c:\windows\DeleteOnReboot.bat
2013-04-13 05:49 . 2013-06-20 18:51	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-20 18:51	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-20 18:51	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-20 18:51	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-20 18:51	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-20 18:51	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:54	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pamela.exe"="c:\program files (x86)\Pamela\Pamela.exe" [2013-07-06 12146136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-06-10 162856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbNailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files (x86)\microsoft\desktoplayer.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1090858589-2281462704-4108028673-1001\Scripts\Logoff\0\0]
"Script"=c:\program files (x86)\Jetico\BCWipe\BCWipeTM.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dealplylive;DealPly Live-Dienst (dealplylive);c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe;c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WLMS;Windows Licensing Monitoring Service;c:\windows\system32\wlms\wlms.exe;c:\windows\SYSNATIVE\wlms\wlms.exe [x]
R3 dealplylivem;DealPly Live-Dienst (dealplylivem);c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe;c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 MftWipeFilter;Jetico file system filter; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 BCSWAP;BCSWAP; [x]
R4 BCWipeSvc;BCWipe service;c:\program files (x86)\Jetico\BCWipe\BCWipeSvc.exe;c:\program files (x86)\Jetico\BCWipe\BCWipeSvc.exe [x]
R4 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S0 bcfnt;bcfnt; [x]
S0 fsh;fsh; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 BC_3DES;BC_3DES; [x]
S1 BC_BF128;BC_BF128; [x]
S1 BC_BF448;BC_BF448; [x]
S1 BC_BFish;BC_BFish; [x]
S1 BC_CAST;BC_CAST; [x]
S1 BC_DES;BC_DES; [x]
S1 BC_Gost;BC_Gost; [x]
S1 BC_IDEA;BC_IDEA; [x]
S1 BC_RC6;BC_RC6; [x]
S1 BC_RIJN;BC_RIJN; [x]
S1 BC_SERP;BC_SERP; [x]
S1 BC_TFISH;BC_TFISH; [x]
S1 bcbus;BestCrypt bus driver;c:\windows\system32\DRIVERS\bcbus.sys;c:\windows\SYSNATIVE\DRIVERS\bcbus.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S3 AtcL001;NDIS-Miniporttreiber für L1-Gigabit-Ethernet-Controller von Atheros;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 mhk;mhk; [x]
S3 moh;moh; [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 04:39]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11 12:01]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11 12:01]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.nl
mDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.de
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\juergen\AppData\Roaming\Mozilla\Firefox\Profiles\rh1oohzh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2013-06-28 12:48; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-07  11:24:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-07 09:24
ComboFix2.txt  2013-07-04 20:23
.
Vor Suchlauf: 61 Verzeichnis(se), 52.958.601.216 Bytes frei
Nach Suchlauf: 63 Verzeichnis(se), 52.763.566.080 Bytes frei
.
- - End Of File - - 155339D401D83EA96E0C52DE1814A789
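
The Winlogon "Userinit" value in the log above lists a second program after the stock userinit.exe, and the same path appears under the deleted files. The following added example (not part of the original thread and not ComboFix code) parses those two log sections and reports such extra Userinit components; the function names, the allowlist of expected values and the embedded sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r'''
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\Microsoft\DesktopLayer.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pamela.exe"="c:\program files (x86)\Pamela\Pamela.exe" [2013-07-06 12146136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files (x86)\microsoft\desktoplayer.exe"
.
'''

# Assumption: values considered normal for Userinit on a stock install on drive C:.
EXPECTED = {r'c:\windows\system32\userinit.exe', 'userinit.exe'}
WINLOGON_KEY = r'\microsoft\windows nt\currentversion\winlogon'

SECTION_RE = re.compile(r'^\(+\s*(?P<title>.*?)\s*\)+$')   # "((((  title  ))))"
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')          # "[HKEY_...]"
VALUE_RE = re.compile(                                       # "name"="data" [date size]
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>.*?)"?\s*(?:\[[^\]]*\])?$')
PATH_RE = re.compile(r'^[a-zA-Z]:\\\S.*$')                   # bare path line


def parse_log(log_text):
    """Return (deleted_paths, autostart_values) extracted from ComboFix log text."""
    deleted, values = set(), []
    section, key = '', None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:                       # a new section resets the current registry key
            section, key = m.group('title'), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            values.append((key, m.group('name'), m.group('data')))
        elif 'Löschungen' in section and PATH_RE.match(line):
            # Section title as it appears in this (German) log.
            deleted.add(line.lower())
    return deleted, values


def audit_userinit(log_text):
    """List Userinit components that are not the stock userinit.exe."""
    deleted, values = parse_log(log_text)
    findings = []
    for key, name, data in values:
        if name.lower() != 'userinit' or not key.lower().endswith(WINLOGON_KEY):
            continue
        # Userinit is a comma-separated list; every entry is started at logon.
        for part in data.split(','):
            path = part.strip().strip('"').lower()
            if path and path not in EXPECTED:
                findings.append({
                    'key': key,
                    'path': path,
                    # True means the value still points at a file removed in this run.
                    'deleted_in_same_run': path in deleted,
                })
    return findings


if __name__ == '__main__':
    for f in audit_userinit(SAMPLE_LOG):
        print(f)
```

A finding with 'deleted_in_same_run' set means the registry value still references the removed file and should be reset to the plain userinit.exe entry.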
         


07.07.2013, 11:12   #21
schrauber
/// the machine
/// TB-Ausbilder

Can you uninstall Desktoplayer and amazon?

07.07.2013, 11:35   #22
juergen007

No. They do not show up in Control Panel or Revo Uninstaller; I can delete the files, right?

Alt 07.07.2013, 12:34   #23
schrauber
/// the machine
/// TB-Ausbilder
 

Yep.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 08.07.2013, 21:32   #24
juergen007
 
OK, thanks again! You can take the thread off your watchlist now.
Security online says everything is clean.
I run two Java versions, the 32-bit and the 64-bit one; Eclipse needs the latter.
ComboFix is very powerful.
If I see problems again, I'll post a new request.
filepony has excellent software!
Btw: where do the donations end up if you donate something here?
Thx
Jürgen

Alt 08.07.2013, 21:43   #25
schrauber
/// the machine
/// TB-Ausbilder
 

With the admin. For the forum, server costs, so we all benefit from it.

Alt 18.07.2013, 07:20   #26
juergen007
 
Yeah OK, here I am again gg
WinPatrol kept reporting 2 add-ons in IE that you then have to reject, which is annoying.
Now I have run AdwCleaner and JRT, and manually uninstalled PiccShare and the other one, which was under /program files()x86/google/blabla, via Control Panel; everything seems fixed for now..
The whole K.KK IE is still hugely annoying.

Can it be removed entirely?
In the add-ons list the two nuisances were disabled, but they kept turning on anyway.
IE is IMHO completely superfluous and poorly documented.
Only some games need it.
Should I do another hijack scan or something?
OK

Morning.
One more thing that also seems to be a registry or malware(?) problem:
When I start d:\xampp-portable\xampp-control.exe and then start Apache, 10 (ten) Internet Explorer windows open with the default start page google.de??!!
You can simply close them, that's no problem, but it's annoying..
Surely it has something to do with spawning child processes or bent references?
No idea.
Thx

jürgen

Alt 18.07.2013, 08:25   #27
schrauber
/// the machine
/// TB-Ausbilder
 

Strange. Please do a complete reset of IE.

Alt 18.07.2013, 09:13   #28
juergen007
 
Before resetting IE, I have now run OTL and GMER once more.
Still the "effect" of IE (version 10) windows popping up, not only with Apache but somehow all the time...
I'm attaching OTL, Extras and gmer.txt; I had also made a 7-Zip archive but can't find the file-attachment upload here.
OTL logfile:
Code:
OTL logfile created on: 18.07.2013 08:29:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\juergen\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 77,36% Memory free
6,00 Gb Paging File | 5,08 Gb Available in Paging File | 84,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 351,38 Gb Total Space | 45,95 Gb Free Space | 13,08% Space Free | Partition Type: NTFS
Drive D: | 347,16 Gb Total Space | 83,30 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 66,09 Gb Free Space | 7,09% Space Free | Partition Type: NTFS
 
Computer Name: JUERGEN-PC | User Name: juergen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.18 08:27:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\juergen\Desktop\OTL.exe
PRC - [2013.06.17 22:01:10 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013.06.10 12:08:18 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013.04.27 00:24:42 | 000,423,144 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.10 03:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 12:55:58 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlms\wlms.exe -- (WLMS)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.12 11:14:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.18 15:13:20 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV - [2013.06.17 22:01:10 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013.06.17 22:01:04 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV - [2013.06.03 16:54:06 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.02.23 03:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.02.23 03:33:26 | 000,389,928 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.02.23 03:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.02.22 03:54:48 | 000,078,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.12.04 09:00:06 | 000,088,424 | ---- | M] (Jetico, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe -- (BCWipeSvc)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.07.04 12:20:13 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013.04.11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013.02.22 03:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.02.22 03:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.12.05 10:40:04 | 000,031,488 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MftWipeFilter.sys -- (MftWipeFilter)
DRV:64bit: - [2012.11.23 09:34:02 | 000,067,840 | ---- | M] (Jetico, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsh.sys -- (fsh)
DRV:64bit: - [2012.11.22 14:17:18 | 000,177,920 | ---- | M] (Jetico, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bcfnt.sys -- (bcfnt)
DRV:64bit: - [2012.08.23 05:58:48 | 000,078,440 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bcbus.sys -- (bcbus)
DRV:64bit: - [2012.08.17 06:08:28 | 000,034,408 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_tfish.sys -- (BC_TFISH)
DRV:64bit: - [2012.08.17 06:08:06 | 000,036,968 | ---- | M] (Michael Oestergaard Pedersen) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_serp.sys -- (BC_SERP)
DRV:64bit: - [2012.08.17 06:07:45 | 000,051,304 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_rijn.sys -- (BC_RIJN)
DRV:64bit: - [2012.08.17 06:07:24 | 000,030,312 | ---- | M] (Michael Oestergaard Pedersen) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_rc6.sys -- (BC_RC6)
DRV:64bit: - [2012.08.17 06:05:05 | 000,027,752 | ---- | M] (Iarsn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_idea.sys -- (BC_IDEA)
DRV:64bit: - [2012.08.17 06:04:44 | 000,025,704 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_gost.sys -- (BC_Gost)
DRV:64bit: - [2012.08.17 06:04:01 | 000,033,896 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_des.sys -- (BC_DES)
DRV:64bit: - [2012.08.17 06:03:40 | 000,037,480 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_cast.sys -- (BC_CAST)
DRV:64bit: - [2012.08.17 06:03:19 | 000,030,824 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bfish.sys -- (BC_BFish)
DRV:64bit: - [2012.08.17 06:02:57 | 000,030,824 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bf448.sys -- (BC_BF448)
DRV:64bit: - [2012.08.17 06:02:36 | 000,030,824 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bf128.sys -- (BC_BF128)
DRV:64bit: - [2012.08.17 06:02:14 | 000,034,408 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_3des.sys -- (BC_3DES)
DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.03.26 23:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.02 09:02:47 | 000,124,992 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bcswap.sys -- (BCSWAP)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.07.17 06:02:40 | 000,013,376 | ---- | M] (Jetico, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moh.sys -- (moh)
DRV:64bit: - [2010.07.17 06:02:18 | 000,017,472 | ---- | M] (Jetico, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mhk.sys -- (mhk)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.25 04:14:46 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009.06.22 20:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.22 20:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Google
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472F-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: info%40elime.be:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF.PrevVerNPR: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.06.28 12:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.06 19:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 01:30:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SpecialSavings@SpecialSavings.com: C:\Users\juergen\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013.02.27 12:28:36 | 000,000,000 | ---D | M]
 
[2013.02.27 12:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juergen\AppData\Roaming\mozilla\Extensions
[2013.02.27 12:28:36 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\juergen\AppData\Roaming\mozilla\Extensions\SpecialSavings@SpecialSavings.com
[2013.02.27 12:28:39 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\juergen\AppData\Roaming\mozilla\Extensions\statuswinks@StatusWinks
[2013.07.04 16:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juergen\AppData\Roaming\mozilla\Firefox\Profiles\rh1oohzh.default\extensions
[2013.06.20 21:47:22 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\extensions\firebug@software.joehewitt.com.xpi
[2012.11.25 15:43:39 | 000,013,136 | ---- | M] () (No name found) -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\extensions\info@elime.be.xpi
[2013.03.22 11:13:37 | 000,002,418 | ---- | M] () -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\searchplugins\englische-ergebnisse.xml
[2013.03.22 11:13:37 | 000,010,701 | ---- | M] () -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\searchplugins\gmx-suche.xml
[2013.03.22 11:13:37 | 000,002,432 | ---- | M] () -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\searchplugins\lastminute.xml
[2013.03.22 11:13:36 | 000,005,682 | ---- | M] () -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\searchplugins\webde-suche.xml
[2013.07.06 19:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.06 19:54:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.07.07 11:21:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (PiccShare BHO) - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\juergen\AppData\Local\ext_piccshare\ext_piccshare.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbNailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4D40BA-8971-4822-AF56-8907CF5C9368}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\microsoft\desktoplayer.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.01 21:55:07 | 000,000,000 | ---D | M] - C:\autos -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.18 08:27:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\juergen\Desktop\OTL.exe
[2013.07.17 18:56:54 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\SSync
[2013.07.17 18:56:54 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\SCheck
[2013.07.17 18:56:54 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Intermediate
[2013.07.17 18:54:57 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\PiccShare
[2013.07.17 18:54:57 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Common
[2013.07.17 18:54:54 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
[2013.07.17 18:54:51 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Local\Bandizip
[2013.07.12 11:13:46 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Local\Adobe
[2013.07.12 05:37:17 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoBinaryEA
[2013.07.12 05:32:59 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\AutoBinaryEA
[2013.07.10 08:43:07 | 001,776,221 | ---- | C] (Farbar) -- C:\Users\juergen\Desktop\FRST64 (2).exe
[2013.07.09 19:07:58 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\WinPatrol
[2013.07.09 19:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013.07.09 19:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013.07.08 22:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.07.08 22:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.07.08 10:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.07.08 10:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.07.07 22:27:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.07 11:24:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.07.06 20:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.07.06 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\juergen\Documents\Pamela
[2013.07.06 20:20:38 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Pamela
[2013.07.06 19:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.06 10:30:46 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Local\Apps
[2013.07.06 08:47:54 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.07.05 21:02:10 | 002,347,384 | ---- | C] (ESET) -- C:\Users\juergen\Desktop\esetsmartinstaller_enu.exe
[2013.07.05 16:39:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.05 16:39:37 | 000,000,000 | ---D | C] -- C:\JRT
[2013.07.05 13:32:52 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\juergen\Desktop\JRT.exe
[2013.07.04 18:01:57 | 001,934,636 | ---- | C] (Farbar) -- C:\Users\juergen\Desktop\FRST64.exe
[2013.07.04 17:36:59 | 000,000,000 | ---D | C] -- C:\~BCWipe.stu
[2013.07.04 16:26:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.04 14:24:47 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.03 00:07:59 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\SysWow64\awrdscdc.ax
[2013.07.03 00:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2013.07.01 21:55:00 | 000,000,000 | ---D | C] -- C:\autos
[2013.06.28 15:18:51 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Nitro PDF
[2013.06.28 13:15:50 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\PDF Architect
[2013.06.28 12:49:21 | 000,000,000 | ---D | C] -- C:\Users\juergen\Documents\PDF Architect Files
[2013.06.28 12:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.06.28 12:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.06.28 12:48:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.06.28 12:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.06.28 12:47:51 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2013.06.28 12:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.06.27 15:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Text To PDF Converter v1.5
[2013.06.27 15:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Text2PDF v1.5
[2013.06.27 14:18:01 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Local\PDF24
[2013.06.27 13:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.06.27 13:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013.06.26 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Nitro
[2013.06.26 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\FileOpen
[2013.06.26 14:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013.06.26 14:58:51 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013.06.26 14:58:51 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013.06.26 14:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013.06.26 14:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013.06.26 14:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013.06.26 14:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013.06.26 14:56:25 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Downloaded Installations
[2013.06.25 20:27:09 | 000,000,000 | ---D | C] -- C:\realtek_pcielan_7_mb
[2013.06.24 12:32:59 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\AbiSuite
[2013.06.24 12:32:49 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2013.06.24 12:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2013.06.24 12:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AbiWord
[2013.06.21 21:51:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\en-US
[2013.06.21 21:51:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\en
[2013.06.21 21:51:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0409
[2013.06.21 21:51:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\en
[2013.06.21 21:51:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2013.06.21 21:51:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2013.06.21 21:40:46 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\en-US\pscr.sys.mui
[2013.06.21 21:40:19 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerIb.sys.mui
[2013.06.21 21:40:17 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerId.sys.mui
[2013.06.21 21:40:17 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrParwdm.sys.mui
[2013.06.20 21:41:56 | 000,039,504 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiark.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.18 08:27:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\juergen\Desktop\OTL.exe
[2013.07.18 08:26:07 | 000,000,000 | ---- | M] () -- C:\Users\juergen\defogger_reenable
[2013.07.18 08:24:04 | 000,050,477 | ---- | M] () -- C:\Users\juergen\Desktop\Defogger.exe
[2013.07.18 07:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.18 07:37:43 | 000,016,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.18 07:37:43 | 000,016,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.18 07:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.18 07:32:20 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.17 19:51:21 | 000,662,345 | ---- | M] () -- C:\Users\juergen\Desktop\adwcleaner(1).exe
[2013.07.17 18:54:54 | 000,001,190 | ---- | M] () -- C:\Users\juergen\Desktop\Bandizip.lnk
[2013.07.17 18:54:43 | 004,265,776 | ---- | M] () -- C:\Users\juergen\Desktop\bandizip-setup-gl.exe
[2013.07.17 09:19:01 | 001,059,888 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.17 09:19:01 | 000,820,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.17 09:19:01 | 000,266,264 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.17 09:19:01 | 000,226,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.17 09:19:01 | 000,006,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.12 05:37:20 | 000,001,152 | ---- | M] () -- C:\Users\juergen\Desktop\AutoBinaryEA.lnk
[2013.07.12 05:36:33 | 000,006,230 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.11 16:00:23 | 000,295,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 12:08:09 | 000,019,996 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013.07.10 08:42:01 | 001,776,221 | ---- | M] (Farbar) -- C:\Users\juergen\Desktop\FRST64 (2).exe
[2013.07.08 22:55:58 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.07.08 11:14:37 | 000,157,065 | ---- | M] () -- C:\Users\juergen\Documents\chromebookmarks_08.07.13.html
[2013.07.07 11:21:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.06 18:25:01 | 000,246,767 | ---- | M] () -- C:\Users\juergen\Documents\Scientology, Betroffenenbericht.htm
[2013.07.06 18:25:00 | 000,124,946 | ---- | M] () -- C:\Users\juergen\Documents\erfinder.htm
[2013.07.06 16:55:50 | 000,890,988 | ---- | M] () -- C:\Users\juergen\Desktop\SecurityCheck.exe
[2013.07.06 08:47:54 | 000,001,272 | ---- | M] () -- C:\Users\juergen\Desktop\Revo Uninstaller.lnk
[2013.07.05 21:01:49 | 002,347,384 | ---- | M] (ESET) -- C:\Users\juergen\Desktop\esetsmartinstaller_enu.exe
[2013.07.05 13:40:12 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.07.05 13:32:33 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\juergen\Desktop\JRT.exe
[2013.07.04 14:23:10 | 001,934,636 | ---- | M] (Farbar) -- C:\Users\juergen\Desktop\FRST64.exe
[2013.07.04 12:20:13 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.07.03 00:08:02 | 000,001,973 | ---- | M] () -- C:\Users\juergen\Desktop\Audible Manager.lnk
[2013.07.03 00:07:59 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\SysWow64\awrdscdc.ax
[2013.06.30 17:18:21 | 000,000,334 | ---- | M] () -- C:\Windows\SysWow64\CountScans.XML
[2013.06.29 12:34:51 | 036,095,593 | ---- | M] () -- C:\Users\juergen\Documents\scientology_part1.wma
[2013.06.29 11:42:04 | 000,090,283 | ---- | M] () -- C:\Users\juergen\Documents\Unbenannt.wma
[2013.06.28 13:15:46 | 000,059,402 | ---- | M] () -- C:\Users\juergen\Documents\mittelteil.pdf
[2013.06.28 12:49:29 | 000,001,001 | ---- | M] () -- C:\Users\juergen\Desktop\PDF Architect.lnk
[2013.06.28 12:48:00 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.06.28 12:23:24 | 000,003,176 | ---- | M] () -- C:\Users\juergen\Documents\mittelteil_opt.pdf
[2013.06.27 16:41:28 | 000,008,203 | ---- | M] () -- C:\Users\juergen\Documents\Untitled_opt.pdf
[2013.06.27 15:49:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013.06.27 15:30:00 | 000,000,037 | ---- | M] () -- C:\pdfinfo.ini
[2013.06.27 15:28:40 | 000,000,971 | ---- | M] () -- C:\Users\juergen\Desktop\Text To PDF Converter.lnk
[2013.06.27 13:47:30 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.06.27 13:47:30 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.26 14:58:47 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013.06.21 20:34:51 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.21 20:34:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.21 11:21:40 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2013.06.18 15:13:00 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
 
========== Files Created - No Company Name ==========
 
[2013.07.18 08:26:07 | 000,000,000 | ---- | C] () -- C:\Users\juergen\defogger_reenable
[2013.07.18 08:24:22 | 000,050,477 | ---- | C] () -- C:\Users\juergen\Desktop\Defogger.exe
[2013.07.17 19:51:46 | 000,662,345 | ---- | C] () -- C:\Users\juergen\Desktop\adwcleaner(1).exe
[2013.07.17 18:54:54 | 000,001,190 | ---- | C] () -- C:\Users\juergen\Desktop\Bandizip.lnk
[2013.07.17 18:54:39 | 004,265,776 | ---- | C] () -- C:\Users\juergen\Desktop\bandizip-setup-gl.exe
[2013.07.12 05:37:20 | 000,001,152 | ---- | C] () -- C:\Users\juergen\Desktop\AutoBinaryEA.lnk
[2013.07.12 05:35:26 | 000,006,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.08 22:55:58 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.07.08 11:14:37 | 000,157,065 | ---- | C] () -- C:\Users\juergen\Documents\chromebookmarks_08.07.13.html
[2013.07.06 16:56:09 | 000,890,988 | ---- | C] () -- C:\Users\juergen\Desktop\SecurityCheck.exe
[2013.07.03 00:08:02 | 000,001,973 | ---- | C] () -- C:\Users\juergen\Desktop\Audible Manager.lnk
[2013.06.30 17:18:21 | 000,000,334 | ---- | C] () -- C:\Windows\SysWow64\CountScans.XML
[2013.06.29 12:34:51 | 036,095,593 | ---- | C] () -- C:\Users\juergen\Documents\scientology_part1.wma
[2013.06.29 11:42:04 | 000,090,283 | ---- | C] () -- C:\Users\juergen\Documents\Unbenannt.wma
[2013.06.28 13:15:46 | 000,059,402 | ---- | C] () -- C:\Users\juergen\Documents\mittelteil.pdf
[2013.06.28 12:49:29 | 000,001,001 | ---- | C] () -- C:\Users\juergen\Desktop\PDF Architect.lnk
[2013.06.28 12:48:00 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.06.28 12:23:24 | 000,003,176 | ---- | C] () -- C:\Users\juergen\Documents\mittelteil_opt.pdf
[2013.06.27 16:41:28 | 000,008,203 | ---- | C] () -- C:\Users\juergen\Documents\Untitled_opt.pdf
[2013.06.27 15:49:46 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013.06.27 15:49:46 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013.06.27 15:29:04 | 000,000,037 | ---- | C] () -- C:\pdfinfo.ini
[2013.06.27 15:28:40 | 000,000,971 | ---- | C] () -- C:\Users\juergen\Desktop\Text To PDF Converter.lnk
[2013.06.27 13:47:30 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.06.27 13:47:30 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.26 14:58:47 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
[2013.06.26 14:58:47 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013.06.21 20:34:51 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.21 20:34:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.21 11:21:40 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2013.01.20 21:03:31 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.11.13 12:25:38 | 000,012,288 | ---- | C] () -- C:\Users\juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.22 21:24:29 | 000,000,600 | ---- | C] () -- C:\Users\juergen\AppData\Local\PUTTY.RND
[2012.09.26 18:39:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.26 14:26:18 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\.minecraft
[2013.07.06 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\AbiSuite
[2013.07.12 05:37:25 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\AutoBinaryEA
[2012.12.13 19:20:53 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Bitcoin
[2013.07.17 18:54:57 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Common
[2013.06.27 15:47:30 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Downloaded Installations
[2012.09.27 11:44:34 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Dual Monitor
[2013.01.10 17:20:21 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\ExpressDownloader
[2013.06.26 14:59:23 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\FileOpen
[2012.11.12 10:54:26 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Forte
[2013.07.08 22:56:24 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Foxit Software
[2012.12.02 16:51:09 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\GHISLER
[2013.03.23 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Hotspot Shield
[2013.01.14 14:18:23 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\ImgBurn
[2013.07.17 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Intermediate
[2013.07.06 15:10:37 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\IrfanView
[2013.04.23 00:27:13 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\JetBrains
[2013.06.30 12:24:10 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Nitro
[2013.06.29 13:43:26 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Nitro PDF
[2012.11.26 12:17:30 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Notepad++
[2012.11.15 15:33:05 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\old_Skype
[2012.11.25 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\OpenOffice.org
[2013.07.07 10:01:46 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Pamela
[2013.06.28 13:15:52 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\PDF Architect
[2013.07.17 18:54:57 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\PiccShare
[2013.07.17 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\SCheck
[2013.04.26 15:56:56 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\SecureSearch
[2013.07.17 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\SSync
[2012.11.24 12:43:27 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Subversion
[2013.01.08 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\TeamViewer
[2012.09.26 19:29:10 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Thunderbird
[2013.04.22 00:26:43 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\TS3Client
[2013.01.22 21:01:54 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\TuneUp Software
[2013.07.15 01:06:28 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\uTorrent
[2013.07.09 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\WinPatrol
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 18.07.2013 08:29:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\juergen\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 77,36% Memory free
6,00 Gb Paging File | 5,08 Gb Available in Paging File | 84,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 351,38 Gb Total Space | 45,95 Gb Free Space | 13,08% Space Free | Partition Type: NTFS
Drive D: | 347,16 Gb Total Space | 83,30 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 66,09 Gb Free Space | 7,09% Space Free | Partition Type: NTFS
 
Computer Name: JUERGEN-PC | User Name: juergen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0953FAA0-579F-4FBE-9CF1-9A8E99AA2B34}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1138864D-70E3-4709-AB15-B7F41D08BDE4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1D947A81-6B9A-428E-BCBB-F49B298C4175}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28B74B3B-6135-46BC-8BC5-7A6D708BB78C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{314A257E-0D30-4514-AFB0-EF751FDF65ED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{31A1E47E-F0E4-441B-9C50-79120C4DB79D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32D4066C-5010-408C-9996-9B0197D86B69}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{349EA076-3C34-47E6-BF1A-9E120A83743C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B19FD10-28AF-4A72-BBA1-73F14BDE4553}" = rport=138 | protocol=17 | dir=out | app=system | 
"{56098DE1-574C-412E-9030-CE930D9DB144}" = rport=137 | protocol=17 | dir=out | app=system | 
"{720B77E5-9CC8-4C8D-BB5F-729ECB2C21E2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7592F374-394E-46D8-9B95-4918849D2333}" = lport=33333 | protocol=6 | dir=in | name=war thunder | 
"{776A1358-2559-43EE-8C82-1B0399180A7A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7898435A-8CA9-44C9-9EF8-E6C10A520830}" = lport=80 | protocol=6 | dir=in | name=war thunder | 
"{7E486E39-BFAF-49BA-97DC-6E575E7575AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8459122B-B0F9-4623-A083-70FB045ED250}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E10A87F-CB22-43FD-9FFC-460C3E125D46}" = lport=20443 | protocol=6 | dir=in | name=war thunder | 
"{95C7B2AB-8C54-4CD5-BB77-AAB6DBAA93CF}" = lport=7850 | protocol=6 | dir=in | name=war thunder | 
"{A352EA00-7819-4668-99E3-7382E73D548F}" = lport=20010 | protocol=17 | dir=in | name=war thunder | 
"{AADEFF8A-6082-4CB9-805D-3BE241832926}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C3844134-2BE8-4495-963A-06026C8ED373}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C3ECCDCD-D8AA-45E4-A4FA-E5580D11C95A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C436BF45-415D-4334-8661-C436C264D8FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D32B33CE-7C41-420E-B545-8F4CE4A19071}" = lport=443 | protocol=6 | dir=in | name=war thunder | 
"{D3965A8A-6BDE-4F4C-9C51-D6F5BC7884C4}" = lport=3478 | protocol=17 | dir=in | name=war thunder | 
"{DB90A747-9A21-4097-BD64-E9434396FD40}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E06F2896-1FC8-47F3-9036-1351FF2807BF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E1D3008F-543B-4037-9AD8-68A6B36644C2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ED6A9FD4-E03C-40D6-990B-C2A1293DE9DD}" = lport=6881 | protocol=6 | dir=in | name=war thunder | 
"{F093B2E7-B5F9-46BD-B50D-914F19487521}" = lport=8090 | protocol=6 | dir=in | name=war thunder | 
"{F224B37F-C762-4DCC-9744-A44DA019C783}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F3F21297-F481-4B6B-B97B-10FF0C83A562}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F81B25DF-219C-4973-B141-FC22CC16527B}" = lport=27022 | protocol=6 | dir=in | name=war thunder | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C0CF2B-7E0E-4404-BF30-0DB153DD881A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0BC8C227-C3E7-4E06-8A4F-2092C66F4481}" = protocol=17 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe | 
"{0FF91406-9482-4E86-903F-D62759FE00B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1A0C5E73-6AAD-45BF-BCF3-2541182C1C78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C8A7ADD-4327-47A3-89C1-DC3B65BB8965}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{320DA25A-BEDB-4035-8E91-404356671C66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3517C1B7-1D98-407F-9D19-F00B2EE71B56}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{37E8132A-3AC0-4D63-BF81-8D2EBB3A2C7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{386ED848-CF2B-4A2A-8B87-F9946EF96ED5}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{39DC6EB0-A6CE-4F82-A08C-86A970D73D40}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{3BC4D62C-AB58-494D-A4DE-764F5D10DD0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C263B2B-E38A-4BA1-8244-EFD1E2818730}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F99E8BD-2A3B-43A0-9B86-297206B2A4F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{41994ABC-8E9F-4B1A-8C8C-D7448066232C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{56FD7580-3903-44D2-91DD-71E4AB9D4CB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{616322ED-31C6-4772-9A71-F61AAE3DA54E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{64D3F5B1-32A2-41D0-B6AE-AD7BCACA964A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{671B7A2E-4278-4B35-A912-90FF691E18CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{6CAAABA5-230F-42F3-A110-8535AA37B7B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7405D51C-5862-40A9-B6CE-4382C199FCC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{76D899C7-B1BD-4F95-8FBC-827DA4590EAB}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe | 
"{7B6D63A5-418E-4DF0-BA6F-6BBDA1D61E08}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{870C69E8-A401-431C-B3D7-528874993F19}" = protocol=6 | dir=out | app=system | 
"{901E8CD7-053D-429B-A238-30A7DDA35806}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9027B203-0F45-441C-AD9D-661825CDD492}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{95C5B89A-416A-4759-B807-578F044CACFD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{9B2F3A02-9F43-4FF8-87A4-BD5652F55823}" = dir=out | app=c:\program files (x86)\protected search\protectedsearch.exe | 
"{A4A2C1BA-C2CD-41E1-A831-0EC9AAD53285}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE580838-A2F4-42A6-A714-1796F287353C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B1A6D9EE-E1CA-4A16-AD3E-25AA240D026E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B58003D7-8BB3-4746-88EE-4DAD913D84D2}" = protocol=6 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe | 
"{B5BB09AB-0329-4403-9103-4A235D2BA8D5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{BA8FE749-115E-4BAF-9079-DE5A785449B1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{D0D0EB0F-1ECD-45F3-85B2-BBDD5866403B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D67BA741-0EB6-41FE-A200-C6C1C40C7C58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E2359895-BCCA-40F5-9185-167D9E3F3BB4}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{E6D864A2-DD48-4D2C-B99A-F767D1FB205A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{F9421DC0-1773-4D83-B838-77C586354B4B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{228BBFBD-6BAF-4CF7-80B9-70F9077017C0}C:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe | 
"TCP Query User{349C70FB-EBB5-4DA7-83EB-9C4FB397C572}D:\xampp-portable\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp-portable\apache\bin\httpd.exe | 
"TCP Query User{3FAF879B-0B4A-4A90-ADC7-0BD03D42DCBF}D:\dateien\psro_full_client_downloader_v3.exe" = protocol=6 | dir=in | app=d:\dateien\psro_full_client_downloader_v3.exe | 
"TCP Query User{55D2A761-77D8-44A0-AEFC-DA53F717B015}D:\xampp-portable\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp-portable\apache\bin\httpd.exe | 
"TCP Query User{6849EC73-8D7C-4807-A98F-3423A41E28A5}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{862C338A-91EE-4CB6-9E42-1C82D64BF587}C:\program files (x86)\jetbrains\phpstorm 6.0.1\bin\phpstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 6.0.1\bin\phpstorm.exe | 
"TCP Query User{8DBC5E9A-055C-49C1-B9D9-089FB7057D9E}D:\xampp-portable\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp-portable\mysql\bin\mysqld.exe | 
"TCP Query User{95826BB4-CEEC-450C-AD80-87057C519F55}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{C4A32CF6-1127-4A7B-9543-D97B7F9951C9}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{D22A37F5-313E-462E-BED3-5B3D06537EE6}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"TCP Query User{F7667B02-1F55-4022-8A7B-ED59CB079FCD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{103EF6BD-0704-4160-B01C-029BEF57F614}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"UDP Query User{365B4097-271C-463A-B7DF-7D863367BD22}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{6B1A6579-C6BF-417B-8725-D4A101A3E97E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{6F63CB98-FB15-4A93-AFFB-43C22F92C222}D:\xampp-portable\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp-portable\mysql\bin\mysqld.exe | 
"UDP Query User{880379DB-C9C8-40AB-B659-F213DC682152}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{B27CAEF2-37AB-4FED-8571-D3A25CFFA633}D:\xampp-portable\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp-portable\apache\bin\httpd.exe | 
"UDP Query User{B364995A-E741-4BD4-89FC-6F54302D9C05}D:\xampp-portable\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp-portable\apache\bin\httpd.exe | 
"UDP Query User{DA2B51D4-7E8B-4951-A02D-87DE97B194FB}C:\program files (x86)\jetbrains\phpstorm 6.0.1\bin\phpstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 6.0.1\bin\phpstorm.exe | 
"UDP Query User{DF7046A7-4F41-4B36-9EEB-56F5A3599820}D:\dateien\psro_full_client_downloader_v3.exe" = protocol=17 | dir=in | app=d:\dateien\psro_full_client_downloader_v3.exe | 
"UDP Query User{EFC43516-2A5A-4315-AA79-BA207BF4CCA5}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{F51CA7B6-EBDF-44CF-A171-0D416C3001F7}C:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{553BDFDD-CEE9-4833-97FB-B4C8BF81FFAD}" = Nitro Reader 3
"{5F073B4F-C59C-43F9-9768-22F7AC6F09E9}" = Nitro Pro 8
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1" = Dual Monitor 1.21
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A455317-2FE1-4630-87D5-FF80F2C6E9A7}" = AutoBinaryEA
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play Version 1.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{D437FFB6-5C49-4DAC-ABAE-33FF065FE7CC}" = Graphviz 2.28
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.192
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FBCF91B5-34B5-4397-9650-C36221DF2581}" = Mumble 1.2.4
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"AbiWord2" = AbiWord 2.9.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleManager" = AudibleManager
"BCWipe" = BCWipe 6.0
"BestCrypt" = BestCrypt 8.0
"Foxit Reader_is1" = Foxit Reader
"GetNZB_is1" = GetNZB Version 1.021
"HotspotShield" = Hotspot Shield 2.88
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 en-US)" = Mozilla Thunderbird 17.0.7 (x86 en-US)
"Notepad++" = Notepad++
"PhpStorm 6.0.1" = JetBrains PhpStorm 6.0.1
"QuickPar" = QuickPar 0.9
"Revo Uninstaller" = Revo Uninstaller 1.95
"Silkroad" = Silkroad
"TeamViewer 8" = TeamViewer 8
"Text To PDF Converter v1.5_is1" = Text To PDF Converter v1.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bandizip" = Bandizip
"Bitcoin" = Bitcoin
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 17.07.2013 14:22:30 | Computer Name = juergen-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.07.2013 14:23:42 | Computer Name = juergen-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 17.07.2013 14:23:44 | Computer Name = juergen-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.07.2013 01:32:28 | Computer Name = juergen-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.07.2013 01:32:28 | Computer Name = juergen-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.07.2013 01:32:28 | Computer Name = juergen-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.07.2013 01:32:28 | Computer Name = juergen-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.07.2013 01:32:37 | Computer Name = juergen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  KLIM6
 
 
< End of report >
         
--- --- ---
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-07-18 09:35:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD753LJ rev.1AA01118 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\juergen\AppData\Local\Temp\axrirfob.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1812:2088]                     000007fef8169688
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2920:2608]  000007fefbaa2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2920:2452]  000007fef22ed618

---- EOF - GMER 2.1 ----
         
--- --- ---

18.07.2013, 09:16   #29
juergen007
 



Before resetting IE, I ran OTL and GMER once more.
Still, the "effect" of IE (version 10) windows popping up remains, not only with Apache but somehow constantly...
I'm attaching otl, extras and gmer.txt. I had also made a 7-zip archive, but I can't find the file attachment upload here.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.07.2013 08:29:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\juergen\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 77,36% Memory free
6,00 Gb Paging File | 5,08 Gb Available in Paging File | 84,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 351,38 Gb Total Space | 45,95 Gb Free Space | 13,08% Space Free | Partition Type: NTFS
Drive D: | 347,16 Gb Total Space | 83,30 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 66,09 Gb Free Space | 7,09% Space Free | Partition Type: NTFS
 
Computer Name: JUERGEN-PC | User Name: juergen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.18 08:27:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\juergen\Desktop\OTL.exe
PRC - [2013.06.17 22:01:10 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013.06.10 12:08:18 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013.04.27 00:24:42 | 000,423,144 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.10 03:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 12:55:58 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlms\wlms.exe -- (WLMS)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.12 11:14:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.18 15:13:20 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV - [2013.06.17 22:01:10 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013.06.17 22:01:04 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV - [2013.06.03 16:54:06 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.02.23 03:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.02.23 03:33:26 | 000,389,928 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.02.23 03:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.02.22 03:54:48 | 000,078,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.12.04 09:00:06 | 000,088,424 | ---- | M] (Jetico, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe -- (BCWipeSvc)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.07.04 12:20:13 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013.04.11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013.02.22 03:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.02.22 03:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.12.05 10:40:04 | 000,031,488 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MftWipeFilter.sys -- (MftWipeFilter)
DRV:64bit: - [2012.11.23 09:34:02 | 000,067,840 | ---- | M] (Jetico, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsh.sys -- (fsh)
DRV:64bit: - [2012.11.22 14:17:18 | 000,177,920 | ---- | M] (Jetico, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bcfnt.sys -- (bcfnt)
DRV:64bit: - [2012.08.23 05:58:48 | 000,078,440 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bcbus.sys -- (bcbus)
DRV:64bit: - [2012.08.17 06:08:28 | 000,034,408 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_tfish.sys -- (BC_TFISH)
DRV:64bit: - [2012.08.17 06:08:06 | 000,036,968 | ---- | M] (Michael Oestergaard Pedersen) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_serp.sys -- (BC_SERP)
DRV:64bit: - [2012.08.17 06:07:45 | 000,051,304 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_rijn.sys -- (BC_RIJN)
DRV:64bit: - [2012.08.17 06:07:24 | 000,030,312 | ---- | M] (Michael Oestergaard Pedersen) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_rc6.sys -- (BC_RC6)
DRV:64bit: - [2012.08.17 06:05:05 | 000,027,752 | ---- | M] (Iarsn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_idea.sys -- (BC_IDEA)
DRV:64bit: - [2012.08.17 06:04:44 | 000,025,704 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_gost.sys -- (BC_Gost)
DRV:64bit: - [2012.08.17 06:04:01 | 000,033,896 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_des.sys -- (BC_DES)
DRV:64bit: - [2012.08.17 06:03:40 | 000,037,480 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_cast.sys -- (BC_CAST)
DRV:64bit: - [2012.08.17 06:03:19 | 000,030,824 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bfish.sys -- (BC_BFish)
DRV:64bit: - [2012.08.17 06:02:57 | 000,030,824 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bf448.sys -- (BC_BF448)
DRV:64bit: - [2012.08.17 06:02:36 | 000,030,824 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bf128.sys -- (BC_BF128)
DRV:64bit: - [2012.08.17 06:02:14 | 000,034,408 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_3des.sys -- (BC_3DES)
DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.03.26 23:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.02 09:02:47 | 000,124,992 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bcswap.sys -- (BCSWAP)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.07.17 06:02:40 | 000,013,376 | ---- | M] (Jetico, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moh.sys -- (moh)
DRV:64bit: - [2010.07.17 06:02:18 | 000,017,472 | ---- | M] (Jetico, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mhk.sys -- (mhk)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.25 04:14:46 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009.06.22 20:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.22 20:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Google
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472F-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: info%40elime.be:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF.PrevVerNPR: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.06.28 12:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.06 19:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 01:30:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SpecialSavings@SpecialSavings.com: C:\Users\juergen\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013.02.27 12:28:36 | 000,000,000 | ---D | M]
 
[2013.02.27 12:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juergen\AppData\Roaming\mozilla\Extensions
[2013.02.27 12:28:36 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\juergen\AppData\Roaming\mozilla\Extensions\SpecialSavings@SpecialSavings.com
[2013.02.27 12:28:39 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\juergen\AppData\Roaming\mozilla\Extensions\statuswinks@StatusWinks
[2013.07.04 16:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juergen\AppData\Roaming\mozilla\Firefox\Profiles\rh1oohzh.default\extensions
[2013.06.20 21:47:22 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\extensions\firebug@software.joehewitt.com.xpi
[2012.11.25 15:43:39 | 000,013,136 | ---- | M] () (No name found) -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\extensions\info@elime.be.xpi
[2013.03.22 11:13:37 | 000,002,418 | ---- | M] () -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\searchplugins\englische-ergebnisse.xml
[2013.03.22 11:13:37 | 000,010,701 | ---- | M] () -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\searchplugins\gmx-suche.xml
[2013.03.22 11:13:37 | 000,002,432 | ---- | M] () -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\searchplugins\lastminute.xml
[2013.03.22 11:13:36 | 000,005,682 | ---- | M] () -- C:\Users\juergen\AppData\Roaming\mozilla\firefox\profiles\rh1oohzh.default\searchplugins\webde-suche.xml
[2013.07.06 19:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.06 19:54:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.07.07 11:21:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (PiccShare BHO) - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\juergen\AppData\Local\ext_piccshare\ext_piccshare.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbNailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4D40BA-8971-4822-AF56-8907CF5C9368}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\microsoft\desktoplayer.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.01 21:55:07 | 000,000,000 | ---D | M] - C:\autos -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.18 08:27:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\juergen\Desktop\OTL.exe
[2013.07.17 18:56:54 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\SSync
[2013.07.17 18:56:54 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\SCheck
[2013.07.17 18:56:54 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Intermediate
[2013.07.17 18:54:57 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\PiccShare
[2013.07.17 18:54:57 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Common
[2013.07.17 18:54:54 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
[2013.07.17 18:54:51 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Local\Bandizip
[2013.07.12 11:13:46 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Local\Adobe
[2013.07.12 05:37:17 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoBinaryEA
[2013.07.12 05:32:59 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\AutoBinaryEA
[2013.07.10 08:43:07 | 001,776,221 | ---- | C] (Farbar) -- C:\Users\juergen\Desktop\FRST64 (2).exe
[2013.07.09 19:07:58 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\WinPatrol
[2013.07.09 19:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013.07.09 19:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013.07.08 22:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.07.08 22:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.07.08 10:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.07.08 10:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.07.07 22:27:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.07 11:24:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.07.06 20:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.07.06 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\juergen\Documents\Pamela
[2013.07.06 20:20:38 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Pamela
[2013.07.06 19:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.06 10:30:46 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Local\Apps
[2013.07.06 08:47:54 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.07.05 21:02:10 | 002,347,384 | ---- | C] (ESET) -- C:\Users\juergen\Desktop\esetsmartinstaller_enu.exe
[2013.07.05 16:39:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.05 16:39:37 | 000,000,000 | ---D | C] -- C:\JRT
[2013.07.05 13:32:52 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\juergen\Desktop\JRT.exe
[2013.07.04 18:01:57 | 001,934,636 | ---- | C] (Farbar) -- C:\Users\juergen\Desktop\FRST64.exe
[2013.07.04 17:36:59 | 000,000,000 | ---D | C] -- C:\~BCWipe.stu
[2013.07.04 16:26:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.04 14:24:47 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.03 00:07:59 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\SysWow64\awrdscdc.ax
[2013.07.03 00:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2013.07.01 21:55:00 | 000,000,000 | ---D | C] -- C:\autos
[2013.06.28 15:18:51 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Nitro PDF
[2013.06.28 13:15:50 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\PDF Architect
[2013.06.28 12:49:21 | 000,000,000 | ---D | C] -- C:\Users\juergen\Documents\PDF Architect Files
[2013.06.28 12:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.06.28 12:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.06.28 12:48:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.06.28 12:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.06.28 12:47:51 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2013.06.28 12:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.06.27 15:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Text To PDF Converter v1.5
[2013.06.27 15:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Text2PDF v1.5
[2013.06.27 14:18:01 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Local\PDF24
[2013.06.27 13:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.06.27 13:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013.06.26 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Nitro
[2013.06.26 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\FileOpen
[2013.06.26 14:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013.06.26 14:58:51 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013.06.26 14:58:51 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013.06.26 14:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013.06.26 14:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013.06.26 14:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013.06.26 14:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013.06.26 14:56:25 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Downloaded Installations
[2013.06.25 20:27:09 | 000,000,000 | ---D | C] -- C:\realtek_pcielan_7_mb
[2013.06.24 12:32:59 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\AbiSuite
[2013.06.24 12:32:49 | 000,000,000 | ---D | C] -- C:\Users\juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2013.06.24 12:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2013.06.24 12:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AbiWord
[2013.06.21 21:51:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\en-US
[2013.06.21 21:51:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\en
[2013.06.21 21:51:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0409
[2013.06.21 21:51:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\en
[2013.06.21 21:51:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2013.06.21 21:51:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2013.06.21 21:40:46 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\en-US\pscr.sys.mui
[2013.06.21 21:40:19 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerIb.sys.mui
[2013.06.21 21:40:17 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerId.sys.mui
[2013.06.21 21:40:17 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrParwdm.sys.mui
[2013.06.20 21:41:56 | 000,039,504 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiark.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.18 08:27:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\juergen\Desktop\OTL.exe
[2013.07.18 08:26:07 | 000,000,000 | ---- | M] () -- C:\Users\juergen\defogger_reenable
[2013.07.18 08:24:04 | 000,050,477 | ---- | M] () -- C:\Users\juergen\Desktop\Defogger.exe
[2013.07.18 07:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.18 07:37:43 | 000,016,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.18 07:37:43 | 000,016,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.18 07:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.18 07:32:20 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.17 19:51:21 | 000,662,345 | ---- | M] () -- C:\Users\juergen\Desktop\adwcleaner(1).exe
[2013.07.17 18:54:54 | 000,001,190 | ---- | M] () -- C:\Users\juergen\Desktop\Bandizip.lnk
[2013.07.17 18:54:43 | 004,265,776 | ---- | M] () -- C:\Users\juergen\Desktop\bandizip-setup-gl.exe
[2013.07.17 09:19:01 | 001,059,888 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.17 09:19:01 | 000,820,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.17 09:19:01 | 000,266,264 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.17 09:19:01 | 000,226,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.17 09:19:01 | 000,006,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.12 05:37:20 | 000,001,152 | ---- | M] () -- C:\Users\juergen\Desktop\AutoBinaryEA.lnk
[2013.07.12 05:36:33 | 000,006,230 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.11 16:00:23 | 000,295,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 12:08:09 | 000,019,996 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013.07.10 08:42:01 | 001,776,221 | ---- | M] (Farbar) -- C:\Users\juergen\Desktop\FRST64 (2).exe
[2013.07.08 22:55:58 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.07.08 11:14:37 | 000,157,065 | ---- | M] () -- C:\Users\juergen\Documents\chromebookmarks_08.07.13.html
[2013.07.07 11:21:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.06 18:25:01 | 000,246,767 | ---- | M] () -- C:\Users\juergen\Documents\Scientology, Betroffenenbericht.htm
[2013.07.06 18:25:00 | 000,124,946 | ---- | M] () -- C:\Users\juergen\Documents\erfinder.htm
[2013.07.06 16:55:50 | 000,890,988 | ---- | M] () -- C:\Users\juergen\Desktop\SecurityCheck.exe
[2013.07.06 08:47:54 | 000,001,272 | ---- | M] () -- C:\Users\juergen\Desktop\Revo Uninstaller.lnk
[2013.07.05 21:01:49 | 002,347,384 | ---- | M] (ESET) -- C:\Users\juergen\Desktop\esetsmartinstaller_enu.exe
[2013.07.05 13:40:12 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.07.05 13:32:33 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\juergen\Desktop\JRT.exe
[2013.07.04 14:23:10 | 001,934,636 | ---- | M] (Farbar) -- C:\Users\juergen\Desktop\FRST64.exe
[2013.07.04 12:20:13 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.07.03 00:08:02 | 000,001,973 | ---- | M] () -- C:\Users\juergen\Desktop\Audible Manager.lnk
[2013.07.03 00:07:59 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\SysWow64\awrdscdc.ax
[2013.06.30 17:18:21 | 000,000,334 | ---- | M] () -- C:\Windows\SysWow64\CountScans.XML
[2013.06.29 12:34:51 | 036,095,593 | ---- | M] () -- C:\Users\juergen\Documents\scientology_part1.wma
[2013.06.29 11:42:04 | 000,090,283 | ---- | M] () -- C:\Users\juergen\Documents\Unbenannt.wma
[2013.06.28 13:15:46 | 000,059,402 | ---- | M] () -- C:\Users\juergen\Documents\mittelteil.pdf
[2013.06.28 12:49:29 | 000,001,001 | ---- | M] () -- C:\Users\juergen\Desktop\PDF Architect.lnk
[2013.06.28 12:48:00 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.06.28 12:23:24 | 000,003,176 | ---- | M] () -- C:\Users\juergen\Documents\mittelteil_opt.pdf
[2013.06.27 16:41:28 | 000,008,203 | ---- | M] () -- C:\Users\juergen\Documents\Untitled_opt.pdf
[2013.06.27 15:49:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013.06.27 15:30:00 | 000,000,037 | ---- | M] () -- C:\pdfinfo.ini
[2013.06.27 15:28:40 | 000,000,971 | ---- | M] () -- C:\Users\juergen\Desktop\Text To PDF Converter.lnk
[2013.06.27 13:47:30 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.06.27 13:47:30 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.26 14:58:47 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013.06.21 20:34:51 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.21 20:34:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.21 11:21:40 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2013.06.18 15:13:00 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
 
========== Files Created - No Company Name ==========
 
[2013.07.18 08:26:07 | 000,000,000 | ---- | C] () -- C:\Users\juergen\defogger_reenable
[2013.07.18 08:24:22 | 000,050,477 | ---- | C] () -- C:\Users\juergen\Desktop\Defogger.exe
[2013.07.17 19:51:46 | 000,662,345 | ---- | C] () -- C:\Users\juergen\Desktop\adwcleaner(1).exe
[2013.07.17 18:54:54 | 000,001,190 | ---- | C] () -- C:\Users\juergen\Desktop\Bandizip.lnk
[2013.07.17 18:54:39 | 004,265,776 | ---- | C] () -- C:\Users\juergen\Desktop\bandizip-setup-gl.exe
[2013.07.12 05:37:20 | 000,001,152 | ---- | C] () -- C:\Users\juergen\Desktop\AutoBinaryEA.lnk
[2013.07.12 05:35:26 | 000,006,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.08 22:55:58 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.07.08 11:14:37 | 000,157,065 | ---- | C] () -- C:\Users\juergen\Documents\chromebookmarks_08.07.13.html
[2013.07.06 16:56:09 | 000,890,988 | ---- | C] () -- C:\Users\juergen\Desktop\SecurityCheck.exe
[2013.07.03 00:08:02 | 000,001,973 | ---- | C] () -- C:\Users\juergen\Desktop\Audible Manager.lnk
[2013.06.30 17:18:21 | 000,000,334 | ---- | C] () -- C:\Windows\SysWow64\CountScans.XML
[2013.06.29 12:34:51 | 036,095,593 | ---- | C] () -- C:\Users\juergen\Documents\scientology_part1.wma
[2013.06.29 11:42:04 | 000,090,283 | ---- | C] () -- C:\Users\juergen\Documents\Unbenannt.wma
[2013.06.28 13:15:46 | 000,059,402 | ---- | C] () -- C:\Users\juergen\Documents\mittelteil.pdf
[2013.06.28 12:49:29 | 000,001,001 | ---- | C] () -- C:\Users\juergen\Desktop\PDF Architect.lnk
[2013.06.28 12:48:00 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.06.28 12:23:24 | 000,003,176 | ---- | C] () -- C:\Users\juergen\Documents\mittelteil_opt.pdf
[2013.06.27 16:41:28 | 000,008,203 | ---- | C] () -- C:\Users\juergen\Documents\Untitled_opt.pdf
[2013.06.27 15:49:46 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013.06.27 15:49:46 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013.06.27 15:29:04 | 000,000,037 | ---- | C] () -- C:\pdfinfo.ini
[2013.06.27 15:28:40 | 000,000,971 | ---- | C] () -- C:\Users\juergen\Desktop\Text To PDF Converter.lnk
[2013.06.27 13:47:30 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.06.27 13:47:30 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.26 14:58:47 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
[2013.06.26 14:58:47 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013.06.21 20:34:51 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.21 20:34:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.21 11:21:40 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2013.01.20 21:03:31 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.11.13 12:25:38 | 000,012,288 | ---- | C] () -- C:\Users\juergen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.22 21:24:29 | 000,000,600 | ---- | C] () -- C:\Users\juergen\AppData\Local\PUTTY.RND
[2012.09.26 18:39:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.26 14:26:18 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\.minecraft
[2013.07.06 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\AbiSuite
[2013.07.12 05:37:25 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\AutoBinaryEA
[2012.12.13 19:20:53 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Bitcoin
[2013.07.17 18:54:57 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Common
[2013.06.27 15:47:30 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Downloaded Installations
[2012.09.27 11:44:34 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Dual Monitor
[2013.01.10 17:20:21 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\ExpressDownloader
[2013.06.26 14:59:23 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\FileOpen
[2012.11.12 10:54:26 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Forte
[2013.07.08 22:56:24 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Foxit Software
[2012.12.02 16:51:09 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\GHISLER
[2013.03.23 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Hotspot Shield
[2013.01.14 14:18:23 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\ImgBurn
[2013.07.17 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Intermediate
[2013.07.06 15:10:37 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\IrfanView
[2013.04.23 00:27:13 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\JetBrains
[2013.06.30 12:24:10 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Nitro
[2013.06.29 13:43:26 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Nitro PDF
[2012.11.26 12:17:30 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Notepad++
[2012.11.15 15:33:05 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\old_Skype
[2012.11.25 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\OpenOffice.org
[2013.07.07 10:01:46 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Pamela
[2013.06.28 13:15:52 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\PDF Architect
[2013.07.17 18:54:57 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\PiccShare
[2013.07.17 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\SCheck
[2013.04.26 15:56:56 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\SecureSearch
[2013.07.17 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\SSync
[2012.11.24 12:43:27 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Subversion
[2013.01.08 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\TeamViewer
[2012.09.26 19:29:10 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\Thunderbird
[2013.04.22 00:26:43 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\TS3Client
[2013.01.22 21:01:54 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\TuneUp Software
[2013.07.15 01:06:28 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\uTorrent
[2013.07.09 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\juergen\AppData\Roaming\WinPatrol
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 18.07.2013 08:29:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\juergen\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 77,36% Memory free
6,00 Gb Paging File | 5,08 Gb Available in Paging File | 84,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 351,38 Gb Total Space | 45,95 Gb Free Space | 13,08% Space Free | Partition Type: NTFS
Drive D: | 347,16 Gb Total Space | 83,30 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 66,09 Gb Free Space | 7,09% Space Free | Partition Type: NTFS
 
Computer Name: JUERGEN-PC | User Name: juergen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0953FAA0-579F-4FBE-9CF1-9A8E99AA2B34}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1138864D-70E3-4709-AB15-B7F41D08BDE4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1D947A81-6B9A-428E-BCBB-F49B298C4175}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28B74B3B-6135-46BC-8BC5-7A6D708BB78C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{314A257E-0D30-4514-AFB0-EF751FDF65ED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{31A1E47E-F0E4-441B-9C50-79120C4DB79D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32D4066C-5010-408C-9996-9B0197D86B69}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{349EA076-3C34-47E6-BF1A-9E120A83743C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B19FD10-28AF-4A72-BBA1-73F14BDE4553}" = rport=138 | protocol=17 | dir=out | app=system | 
"{56098DE1-574C-412E-9030-CE930D9DB144}" = rport=137 | protocol=17 | dir=out | app=system | 
"{720B77E5-9CC8-4C8D-BB5F-729ECB2C21E2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7592F374-394E-46D8-9B95-4918849D2333}" = lport=33333 | protocol=6 | dir=in | name=war thunder | 
"{776A1358-2559-43EE-8C82-1B0399180A7A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7898435A-8CA9-44C9-9EF8-E6C10A520830}" = lport=80 | protocol=6 | dir=in | name=war thunder | 
"{7E486E39-BFAF-49BA-97DC-6E575E7575AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8459122B-B0F9-4623-A083-70FB045ED250}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E10A87F-CB22-43FD-9FFC-460C3E125D46}" = lport=20443 | protocol=6 | dir=in | name=war thunder | 
"{95C7B2AB-8C54-4CD5-BB77-AAB6DBAA93CF}" = lport=7850 | protocol=6 | dir=in | name=war thunder | 
"{A352EA00-7819-4668-99E3-7382E73D548F}" = lport=20010 | protocol=17 | dir=in | name=war thunder | 
"{AADEFF8A-6082-4CB9-805D-3BE241832926}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C3844134-2BE8-4495-963A-06026C8ED373}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C3ECCDCD-D8AA-45E4-A4FA-E5580D11C95A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C436BF45-415D-4334-8661-C436C264D8FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D32B33CE-7C41-420E-B545-8F4CE4A19071}" = lport=443 | protocol=6 | dir=in | name=war thunder | 
"{D3965A8A-6BDE-4F4C-9C51-D6F5BC7884C4}" = lport=3478 | protocol=17 | dir=in | name=war thunder | 
"{DB90A747-9A21-4097-BD64-E9434396FD40}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E06F2896-1FC8-47F3-9036-1351FF2807BF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E1D3008F-543B-4037-9AD8-68A6B36644C2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ED6A9FD4-E03C-40D6-990B-C2A1293DE9DD}" = lport=6881 | protocol=6 | dir=in | name=war thunder | 
"{F093B2E7-B5F9-46BD-B50D-914F19487521}" = lport=8090 | protocol=6 | dir=in | name=war thunder | 
"{F224B37F-C762-4DCC-9744-A44DA019C783}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F3F21297-F481-4B6B-B97B-10FF0C83A562}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F81B25DF-219C-4973-B141-FC22CC16527B}" = lport=27022 | protocol=6 | dir=in | name=war thunder | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C0CF2B-7E0E-4404-BF30-0DB153DD881A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0BC8C227-C3E7-4E06-8A4F-2092C66F4481}" = protocol=17 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe | 
"{0FF91406-9482-4E86-903F-D62759FE00B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1A0C5E73-6AAD-45BF-BCF3-2541182C1C78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C8A7ADD-4327-47A3-89C1-DC3B65BB8965}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{320DA25A-BEDB-4035-8E91-404356671C66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3517C1B7-1D98-407F-9D19-F00B2EE71B56}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{37E8132A-3AC0-4D63-BF81-8D2EBB3A2C7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{386ED848-CF2B-4A2A-8B87-F9946EF96ED5}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{39DC6EB0-A6CE-4F82-A08C-86A970D73D40}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{3BC4D62C-AB58-494D-A4DE-764F5D10DD0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C263B2B-E38A-4BA1-8244-EFD1E2818730}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F99E8BD-2A3B-43A0-9B86-297206B2A4F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{41994ABC-8E9F-4B1A-8C8C-D7448066232C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{56FD7580-3903-44D2-91DD-71E4AB9D4CB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{616322ED-31C6-4772-9A71-F61AAE3DA54E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{64D3F5B1-32A2-41D0-B6AE-AD7BCACA964A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{671B7A2E-4278-4B35-A912-90FF691E18CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{6CAAABA5-230F-42F3-A110-8535AA37B7B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7405D51C-5862-40A9-B6CE-4382C199FCC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{76D899C7-B1BD-4F95-8FBC-827DA4590EAB}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe | 
"{7B6D63A5-418E-4DF0-BA6F-6BBDA1D61E08}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{870C69E8-A401-431C-B3D7-528874993F19}" = protocol=6 | dir=out | app=system | 
"{901E8CD7-053D-429B-A238-30A7DDA35806}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9027B203-0F45-441C-AD9D-661825CDD492}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{95C5B89A-416A-4759-B807-578F044CACFD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{9B2F3A02-9F43-4FF8-87A4-BD5652F55823}" = dir=out | app=c:\program files (x86)\protected search\protectedsearch.exe | 
"{A4A2C1BA-C2CD-41E1-A831-0EC9AAD53285}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE580838-A2F4-42A6-A714-1796F287353C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B1A6D9EE-E1CA-4A16-AD3E-25AA240D026E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B58003D7-8BB3-4746-88EE-4DAD913D84D2}" = protocol=6 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe | 
"{B5BB09AB-0329-4403-9103-4A235D2BA8D5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{BA8FE749-115E-4BAF-9079-DE5A785449B1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{D0D0EB0F-1ECD-45F3-85B2-BBDD5866403B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D67BA741-0EB6-41FE-A200-C6C1C40C7C58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E2359895-BCCA-40F5-9185-167D9E3F3BB4}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{E6D864A2-DD48-4D2C-B99A-F767D1FB205A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{F9421DC0-1773-4D83-B838-77C586354B4B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{228BBFBD-6BAF-4CF7-80B9-70F9077017C0}C:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe | 
"TCP Query User{349C70FB-EBB5-4DA7-83EB-9C4FB397C572}D:\xampp-portable\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp-portable\apache\bin\httpd.exe | 
"TCP Query User{3FAF879B-0B4A-4A90-ADC7-0BD03D42DCBF}D:\dateien\psro_full_client_downloader_v3.exe" = protocol=6 | dir=in | app=d:\dateien\psro_full_client_downloader_v3.exe | 
"TCP Query User{55D2A761-77D8-44A0-AEFC-DA53F717B015}D:\xampp-portable\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp-portable\apache\bin\httpd.exe | 
"TCP Query User{6849EC73-8D7C-4807-A98F-3423A41E28A5}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{862C338A-91EE-4CB6-9E42-1C82D64BF587}C:\program files (x86)\jetbrains\phpstorm 6.0.1\bin\phpstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 6.0.1\bin\phpstorm.exe | 
"TCP Query User{8DBC5E9A-055C-49C1-B9D9-089FB7057D9E}D:\xampp-portable\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp-portable\mysql\bin\mysqld.exe | 
"TCP Query User{95826BB4-CEEC-450C-AD80-87057C519F55}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{C4A32CF6-1127-4A7B-9543-D97B7F9951C9}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{D22A37F5-313E-462E-BED3-5B3D06537EE6}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"TCP Query User{F7667B02-1F55-4022-8A7B-ED59CB079FCD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{103EF6BD-0704-4160-B01C-029BEF57F614}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"UDP Query User{365B4097-271C-463A-B7DF-7D863367BD22}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{6B1A6579-C6BF-417B-8725-D4A101A3E97E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{6F63CB98-FB15-4A93-AFFB-43C22F92C222}D:\xampp-portable\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp-portable\mysql\bin\mysqld.exe | 
"UDP Query User{880379DB-C9C8-40AB-B659-F213DC682152}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{B27CAEF2-37AB-4FED-8571-D3A25CFFA633}D:\xampp-portable\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp-portable\apache\bin\httpd.exe | 
"UDP Query User{B364995A-E741-4BD4-89FC-6F54302D9C05}D:\xampp-portable\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp-portable\apache\bin\httpd.exe | 
"UDP Query User{DA2B51D4-7E8B-4951-A02D-87DE97B194FB}C:\program files (x86)\jetbrains\phpstorm 6.0.1\bin\phpstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 6.0.1\bin\phpstorm.exe | 
"UDP Query User{DF7046A7-4F41-4B36-9EEB-56F5A3599820}D:\dateien\psro_full_client_downloader_v3.exe" = protocol=17 | dir=in | app=d:\dateien\psro_full_client_downloader_v3.exe | 
"UDP Query User{EFC43516-2A5A-4315-AA79-BA207BF4CCA5}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{F51CA7B6-EBDF-44CF-A171-0D416C3001F7}C:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jetbrains\phpstorm 5.0.4\bin\phpstorm.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{553BDFDD-CEE9-4833-97FB-B4C8BF81FFAD}" = Nitro Reader 3
"{5F073B4F-C59C-43F9-9768-22F7AC6F09E9}" = Nitro Pro 8
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1" = Dual Monitor 1.21
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A455317-2FE1-4630-87D5-FF80F2C6E9A7}" = AutoBinaryEA
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play Version 1.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{D437FFB6-5C49-4DAC-ABAE-33FF065FE7CC}" = Graphviz 2.28
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.192
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FBCF91B5-34B5-4397-9650-C36221DF2581}" = Mumble 1.2.4
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"AbiWord2" = AbiWord 2.9.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleManager" = AudibleManager
"BCWipe" = BCWipe 6.0
"BestCrypt" = BestCrypt 8.0
"Foxit Reader_is1" = Foxit Reader
"GetNZB_is1" = GetNZB Version 1.021
"HotspotShield" = Hotspot Shield 2.88
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 en-US)" = Mozilla Thunderbird 17.0.7 (x86 en-US)
"Notepad++" = Notepad++
"PhpStorm 6.0.1" = JetBrains PhpStorm 6.0.1
"QuickPar" = QuickPar 0.9
"Revo Uninstaller" = Revo Uninstaller 1.95
"Silkroad" = Silkroad
"TeamViewer 8" = TeamViewer 8
"Text To PDF Converter v1.5_is1" = Text To PDF Converter v1.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bandizip" = Bandizip
"Bitcoin" = Bitcoin
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 17.07.2013 14:22:30 | Computer Name = juergen-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.07.2013 14:23:42 | Computer Name = juergen-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 17.07.2013 14:23:44 | Computer Name = juergen-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.07.2013 01:32:28 | Computer Name = juergen-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.07.2013 01:32:28 | Computer Name = juergen-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.07.2013 01:32:28 | Computer Name = juergen-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.07.2013 01:32:28 | Computer Name = juergen-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.07.2013 01:32:37 | Computer Name = juergen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  KLIM6
 
 
< End of report >
         
--- --- ---

GMER Logfile:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-07-18 09:35:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD753LJ rev.1AA01118 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\juergen\AppData\Local\Temp\axrirfob.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1812:2088]                     000007fef8169688
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2920:2608]  000007fefbaa2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2920:2452]  000007fef22ed618

---- EOF - GMER 2.1 ----
         
--- --- ---

18.07.2013, 09:51   #30
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
